JSI Tip 5003. The ShowACLS Resource Kit tool.

"ShowAcls.exe is a 32-bit command-line tool that displays NTFS permissions for files and directories. The tool enumerates the local and global groups to which a user belongs and matches the user's security identifier (SID) and the SIDs of the groups to which the user belongs against the SIDs in each access control entry (ACE)."

The syntax is:

showacls \[/s\] \[/u:domain\user\] \[filespec\]


/s includes sub-folders.

/u:domain\user will enumerate the permissions for a local or domain user or group.

filespec is a folder or file object.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.